CERIAS - Center for Education and Research in Information Assurance and Security

Purdue University - Discovery Park

Managing Policy for Coordinated Defense

Clifford Neuman - ISI/USC

Mar 24, 2004


As currently deployed, computer security is implemented through a
collection of point defenses. Firewalls, VPNs, authentication
technologies, and authorization for application servers all use their
own policies, only occasionally administered centrally. In reality,
the organizational rules on which these defenses should base their
actions originate from many places, but changes to the end policies
often fail to implement such rules.

The authorization architecture developed as part of USC's DEFCN
effort, and on which Dr. Neuman's current research is based, allows
policies to originate from multiple sources. These policies express
more than just access policies (whether an action is allowed); they
specify what security services are to be applied when executing an
action and support new security actions such as adaptive audit. The
policies are communicated through multiple mechanisms, including
subscription, and by embedding them in authentication and
authorization credentials issued to users of the system. The DEFCN
architecture enables coordinated implementation of policies across a
wide range of defense mechanisms.

In this talk, Dr. Neuman will discuss activities at USC's Center for
Computer Systems Security in managing distributed policies for large
federated systems.

About the Speaker

Dr. Clifford Neuman is director of the Center for Computer Systems Security at the Information Sciences Institute (ISI) of the University of Southern California (USC), Associate Division Director of the Computer Networks Division at ISI, and a faculty member in the Computer Science Department at USC. Dr. Neuman earned a Bachelor's degree at the Massachusetts Institute of Technology and subsequently worked at Project Athena. He received M.S. and Ph.D. degrees from the University of Washington.

Dr. Neuman conducts research in distributed systems, computer security, and electronic commerce. He is the principal designer of the Kerberos authentication system and architected its use as a basis for distributed authorization. The Kerberos system has served as the basis for many commercial computer security products and, among other deployments, provides user authentication for Microsoft's Windows 2000 and Windows XP. Dr. Neuman also developed the NetCheque

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52 (Suite 050B), West Lafayette Campus.

